PowerMTA 4.5邮件群发服务器安装配置

说明:

已基本实现邮件的发送功能，spf、dkim和DMARC验证通过，用户名密码认证失败待后续排查验证。

 

环境:

OS: CentOS 7.6

PowerMTA: 4.5r11

域名: mydomain.com 

服务器公网IP :  X.X.X.X

客户端IP: Y.Y.Y.Y

 

前提:

设置服务器主机名称为mydomain.com

 

1. 安装PowerMTA4.5

#wget https://s3-us-west-1.amazonaws.com/origin-static/pmta/PowerMTA-4.5r11.zip
#unzip PowerMTA-4.5r11.zip
#cd PowerMTA-4.5r11
#rpm -Uvh PowerMTA-4.5r11.rpm
#cp license /etc/pmta
#mv /usr/sbin/pmtad /usr/sbin/pmtad.bak && cp usr/sbin/pmtad /usr/sbin/pmtad
#chmod +x /usr/sbin/pmtad

2. 配置PowerMTA

#vim /etc/pmta/config
postmaster [email protected]

host-name mydomain.com

smtp-listener 0/0:25        # listens on all local IPs

# 配置域名及域名dkim证书，证书在添加dkim dns解析时生成
domain-key mykey, mydomain.com, /etc/pmta/mykey.mydomain.com.pem


    max-msg-rate 250/h    # prevent "exceeded the rate limit"



    max-msg-rate 250/h    # prevent "exceeded the rate limit"



    max-msg-rate 250/h    # prevent "exceeded the rate limit"



    max-msg-rate 250/h    # prevent "exceeded the rate limit"
    smtp-pattern-list backoff



    dkim-sign yes
    dkim-identity @mydomain.com



    reply /550 Access denied/ mode=backoff


           # 认证用户名
    password 9527Qazwsx      # 认证密码
    source smtpuser-auth



    smtp-service yes
    always-allow-relaying yes
    require-auth true
    process-x-virtual-mta yes
    default-virtual-mta pmta-pool
    always-allow-api-submission yes
    #remove-received-headers true
    #add-received-header true
    #hide-message-source true



    always-allow-relaying yes   # allow feeding from 127.0.0.1
    process-x-virtual-mta yes   # allow selection of a virtual MTA
    smtp-service yes            # allow SMTP service
    max-message-size unlimited
    process-x-dkim-key yes
    process-X-DKIM-Options yes
    add-message-id-header yes
    jobid-header X-Mailer-RecptId
    always-allow-api-submission yes


      # 允许指定网段访问
    smtp-service yes             # allow SMTP service
    process-x-dkim-key yes
    process-X-DKIM-Options yes
    add-message-id-header yes
    jobid-header X-Mailer-RecptId
    always-allow-relaying yes   
    allow-unencrypted-plain-auth yes
    log-connections no
    log-commands    no           # WARNING: verbose!
    log-data        no           # WARNING: even more verbose!



    smtp-source-host X.X.X.X mydomain.com   # 配置服务器IP及域名



    virtual-mta pmta-vmta1



http-mgmt-port 8080

http-access 127.0.0.1 admin
http-access 0/0 monitor
http-access Y.Y.Y.Y admin     # 配置客户端IP允许访问

run-as-root no

log-file /var/log/pmta/pmta.log   # logrotate is used for rotation


    move-interval 5m
    max-size 50M
    delete-after 8d



    deliver-only no

3. 配置DNS解析，以阿里云为例

• 添加A记录和MX记录

• 添加SPF记录

访问https://tools.sparkpost.com/spf/builder生成SPF记录

在阿里云添加SPF解析记录

添加完成后https://tools.sparkpost.com/spf/inspector输入域名验证SPF记录是否有效。

• 添加DKIM记录

访问https://www.sparkpost.com/resources/tools/dkim-wizard/输入域名和Selector

根据上一步生成的结果在阿里云添加DKIM记录

访问https://dkimcore.org/c/keycheck输入域名和selector验证DKIM是否生效

配置DKIMＹ证书，将生成的私钥保存为pem文件, 如mykey.mydomain.com.pem

 

• 添加DMARC记录

 

4. 启动服务

# systemctl start pmtahttp
#pmtad --debug    # 先以debug启动进行邮件发送测试

5. 在PowerMTA服务器本机发送邮件测试

服务端日志/var/log/pmta/acct-*.log

查看邮件:

 

6. 访问https://tools.sparkpost.com/dkim并往随机生成的邮箱发送邮件验证DKIM是否是pass状态。

 

7. 访问https://www.mail-tester.com/并向生成的邮箱发送邮件，然后查看分数